GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Our Commitment to GDPR

Stellar Gearbox is fully committed to compliance with the General Data Protection Regulation (GDPR). As a service provider handling sensitive financial information, we take data protection seriously and have implemented comprehensive measures to ensure your rights are protected.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you submit a service request or provide documents, you give explicit consent for processing
  • Contract Performance: Processing necessary to deliver the services you have requested
  • Legitimate Interests: For business operations and service improvement, provided your rights are not overridden
  • Legal Obligation: When required to comply with Irish and EU legal requirements

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to your personal data and receive a copy of the information we hold about you.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit the processing of your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format, or to have it transferred to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

How We Protect Your Data

We implement technical and organizational measures to ensure data security:

  • All data transmissions are encrypted using industry-standard protocols
  • Access to personal data is restricted to authorized personnel only
  • Our systems undergo regular security assessments and updates
  • Data that is no longer needed is removed using secure deletion protocols
  • Staff receive training on data protection and GDPR compliance

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Service-related communications: retained for the duration of service delivery plus 30 days
  • Pension documents: deleted within 30 days of service completion unless otherwise requested
  • Financial records: retained for 7 years to comply with Irish tax law
  • Marketing consent records: retained until consent is withdrawn

International Data Transfers

We primarily operate within the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions confirming the third country provides adequate protection
  • Binding Corporate Rules where applicable

Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Irish Data Protection Commission within 72 hours of becoming aware
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and steps taken

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject Line: GDPR Data Subject Request
Address: 42 Merrion Square East, Dublin 2, D02 H624, Ireland

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two additional months, but we will inform you of any such extension.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. In Ireland, the relevant authority is:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.stellar-gearbox.com

Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through our website or by email.